Monday, July 24, 2017
Home / Tutorials / Metasploit Tutorial By Un0wn_X

Metasploit Tutorial By Un0wn_X

I made a small tutorial on integrating DNS in Metasploit backdoor executables. If you don’t know about creating backdoors please refer my previous tutorial http://www.youtube.com/watch?v=NiBsBKGf80Y.  You should know how to configure RATs. We use a DNS because our external IP changes every time. So a normal reverse_tcp connects like this.
Victim’s internal IP—>Victim’s external IP—> Attacker’s external IP—> Attacker’s Internal IP
 
But most of the time the Attacker’s External IP is Dynamic and changes. For that we can use a free domain name server such as No-IP. First of all create an account on No-IP and configure your DUC client correctly. Next make sure you port forward you router to a new internal IP. That is your Back Track machine. Use a bridged connection in Network settings because we are going to add our BT machine to our internal IP Range. So here we use the payload as windows/meterpreter/reverse_tcp_dns in making our backdoor. As the DUC client sends our External IP and updates our no-ip domain DNS is acting static. This is how it works.
 
Victim’s internal IP—> Victim’s external IP—> Attacker’s DNS—>Attacker’s external IP—> Attacker’s Internal IP
 
Set the LHOST to your no-ip domain, mine is (boomboom.no-ip.com). Set the LPORT to your forwarded port for the BT machine. Those are things new we should modify in making our backdoor the rest are normal.
Now launch metasploit and use the multi/handler exploit which handles exploits outside the network. Set the LHOST to your internal IP which BT has been assigned. Set LPORT to your forwarded port number and exploit. Once the victim opens the backdoor it back connects through the DNS to our IP successfully. Now you can use that at any time because of DNS, it will be little similar to RATs. Making it FUD and undetectable is up to you. This video is just a demonstration and Special Thanx to Max for acting as the victim and helping me making this video in real world. 

Use this for Educational Purposes Only and I am not responsible for the damage you cause.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Low Level IPhone programming

Video from JailbreakCon Twitter: @JailbreakCon – http://twitter.com/JailbreakCon “Low Level iPhone Programming (And more!)” by winocm [remotely, …